Lucene search
K

4758 matches found

Nuclei
Nuclei
added yesterday78 views

iTop Hub Connector - Information Disclosure

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. id: CVE-2024-32870 info: name: iTop Hub...

5.8CVSS6.9AI score0.00731EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-50479 Windows USB Hub Driver Elevation of Privilege Vulnerability

...

7.8CVSS0.00318EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-50479

CVE-2026-50479 affects the Windows USB Hub Driver via an untrusted pointer dereference, enabling local privilege escalation for an authenticated user. Public sources confirm this vulnerability and Microsoft has released a security update to address it (MSRC vulnerability page). The entry is corro...

7.8CVSS6AI score0.00318EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago12 views

SmarterMail - Remote Code Execution

SmarterTools SmarterMail build 9511 contains an unauthenticated remote code execution caused by malicious OS command execution via ConnectToHub API method, letting remote attackers execute arbitrary commands, exploit requires no authentication. id: CVE-2026-24423 info: name: SmarterMail - Remote...

9.8CVSS7.6AI score0.87693EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 11:16 p.m.13 views

CVE-2026-59723

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 10:25 p.m.36 views

CVE-2026-59723 Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS0.00145EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/08 10:25 p.m.6 views

CVE-2026-59723

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS6.1AI score0.00145EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/08 8:16 p.m.7 views

CVE-2026-36028

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

6.8CVSS0.00237EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.13 views

PT-2026-56625

Name of the Vulnerable Software and Affected Versions Cline versions prior to 3.0.30 Description The Cline Hub dashboard server, initiated via the cline dashboard command, fails to validate the Origin header for WebSocket connections on the /browser endpoint. When the ROOM SECRET is unset for loc...

8.8CVSS6.2AI score0.00145EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-56535

Name of the Vulnerable Software and Affected Versions Code 27 Companion Hub affected versions not specified Description A protection mechanism failure allows an attacker with physical access to completely bypass kiosk restrictions by performing a factory reset. Recommendations At the moment, ther...

6.8CVSS6.1AI score0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.30 views

CVE-2026-36028

A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...

0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.32 views

CVE-2026-36027

An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...

0.00331EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 12:0 a.m.6 views

CVE-2026-36028

Technical details are not publicly available in the provided documents. Monitor for updates as no specific affected components, versions, or remediation are disclosed here.

6.8CVSS6AI score0.00237EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 12:0 a.m.11 views

CVE-2026-36027

CVE-2026-36027 concerns Code27 Companion Hub SQ3A.220705.003.A1. The issue, described across the provided sources, allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) / Android Debug Bridge components. The CVSS metrics indicate a physical attack vector wit...

6.8CVSS6.3AI score0.00331EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:26 p.m.5 views

GO-2026-5890 Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect in github.com/kerberos-io/agent/machinery

Kerberos Hub private key X-Kerberos-Hub-PrivateKey leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect in github.com/kerberos-io/agent/machinery...

5.9AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/07 7:23 a.m.5 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 1 of 2)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for...

9.1CVSS6.9AI score0.00533EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/06 3:6 a.m.9 views

Malicious code in zod-pino434 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 599a5d533bf699156b78f5296f643227bf3e43d8e46f2adabfe250205a05bd26 Package name zod-pino434 and package.json description Node.js integration layer for Autodesk Forge do not match the shipped code. On npm install, the...

6AI score
Exploits0References3
OSV
OSV
added 2026/07/03 11:47 p.m.5 views

MAL-2026-6753 Malicious code in schemavault (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ae0aa9efa2a8389cfe9d5c41d5ab3689f4965c945a24613493f94f9de033ab1 schemavault 4.1.0 is presented as a schema-validation library but ships capabilities and data that have no relationship to schema validation...

6.3AI score
Exploits0References4
NVD
NVD
added 2026/07/03 12:16 a.m.10 views

CVE-2026-13768

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...

10CVSS0.00559EPSS
Exploits2References3
CVE
CVE
added 2026/07/02 11:52 p.m.22 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References3
Rows per page
Query Builder